How to prevent domain name spoofing?

10-01-2003, 01:44 PM
Is there a way to check or prevent someone from changing email headers to spoof a domain?

i.e.: bad guy copies HTML form order form and changes price giving himself a nice discount - changes an email header to make the order appear as if it's legit and coming from my domain.

10-01-2003, 03:06 PM
I believe you could look at the Received: from header to see if anything is forged:

Received: from yourdomain.com (therealdomain.com [IP Address]) by yourdomain.com...

In that example above, yourdomain.com is forged, and "therealdomain.com" and its IP address - i.e. the values in the brackets - are the actual domain/IP address/computer that the e-mail was received from. So if the two do not match, then you know the headers are pretty much forged (varies from case to case and different e-mail programs, and there may be many Received: from headers in one e-mail - you need to know which one to look at).

10-01-2003, 03:34 PM
I'm really looking for a way to do it server-side. But now that I think about it, that wouldn't work either. So I think the sure way to do it is process orders from a cart admin area and get away from anything like formmail and the like.

10-01-2003, 04:58 PM

Are you familiar with Procmail? Using that, you could do the Received: from header check server side (automatically) and delete (or mark) mail that is forged. The only problem with this is that it may be a steep learning curve for you if you are not familiar with some kind of programming (preferably Perl, as well as basic regular expressions). If you like, I could help you set something up... But, yes, your other alternative is to do the processing on the server - you could write your order information to a file (or database table) and then set up a cron task to mail you that file at midnight every day or something. Or you could just use Miva Merchant ;)
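
The Received: comparison discussed in this thread, automated server-side, as an added example that is not part of any poster's message. It is written in Python rather than Procmail, and the function name, hostnames, addresses and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Sendmail-style form quoted in the thread:
#   from <claimed name> (<resolved name> [<ip>]) by <receiving host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\((?P<resolved>[^\s\[\]]*)\s*"
    r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)", re.IGNORECASE)

def check_received(raw_message, my_host):
    """Compare claimed vs. resolved sender in the hop stamped by my_host."""
    msg = message_from_string(raw_message)
    # Headers are prepended per hop, so iterate top-down and stop at the first
    # one written by our own server; lower ones can be written by the sender.
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if not m or m.group("by").lower() != my_host.lower():
            continue
        claimed = m.group("claimed").lower()
        resolved = m.group("resolved").lower()
        ok = resolved == claimed or resolved.endswith("." + claimed)
        return {"claimed": claimed, "resolved": resolved,
                "ip": m.group("ip"), "mismatch": not ok}
    return None  # no parsable hop from my_host: cannot judge

# Constructed sample messages (reserved example names and addresses).
FORGED = """\
Received: from shop.example (dsl-host.isp.example [203.0.113.45])
\tby mail.shop.example with ESMTP; Wed, 1 Oct 2003 13:40:00 -0400
Received: from shop.example (shop.example [192.0.2.10])
\tby mail.shop.example with ESMTP; Wed, 1 Oct 2003 13:39:00 -0400
From: orders@shop.example
Subject: New order

item=widget&price=1.00
"""
LEGIT = """\
Received: from gw.partner.example (gw.partner.example [198.51.100.7])
\tby mail.shop.example with ESMTP; Wed, 1 Oct 2003 09:00:00 -0400
From: buyer@partner.example
Subject: Question

Hello
"""

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(name, check_received(raw, "mail.shop.example"))
```

The forged sample carries a second, sender-written Received: line that looks consistent; it is ignored because only the topmost hop stamped by the receiving server is examined. A mismatch is better used to mark a message for review than to delete it, since the result varies between mail programs.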